Skip site navigation (1)Skip section navigation (2)

FreeBSD Manual Pages


home | help
KADMIN(8)		  BSD System Manager's Manual		     KADMIN(8)

     kadmin -- Kerberos	administration utility

     kadmin [-p	string | --principal=string] [-K string	| --keytab=string] [-c
	    file | --config-file=file] [-k file	| --key-file=file] [-r realm |
	    --realm=realm] [-a host | --admin-server=host] [-s port number |
	    --server-port=port number] [-l | --local] [-h | --help]
	    [-v	| --version] [command]

     The kadmin	program	is used	to make	modifications to the Kerberos data-
     base, either remotely via the kadmind(8) daemon, or locally (with the -l

     Supported options:

     -p	string,	--principal=string
	     principal to authenticate as

     -K	string,	--keytab=string
	     keytab for	authentication principal

     -c	file, --config-file=file
	     location of config	file

     -k	file, --key-file=file
	     location of master	key file

     -r	realm, --realm=realm
	     realm to use

     -a	host, --admin-server=host
	     server to contact

     -s	port number, --server-port=port	number
	     port to use

     -l, --local
	     local admin mode

     If	no command is given on the command line, kadmin	will prompt for	com-
     mands to process. Commands	include:

	   add [-r | --random-key] [--random-password] [-p string |
	   --password=string] [--key=string] [--max-ticket-life=lifetime]
	   [--max-renewable-life=lifetime] [--attributes=attributes]
	   [--expiration-time=time] [--pw-expiration-time=time]	principal...

		 creates a new principal

	   passwd [-r |	--random-key] [--random-password] [-p string |
	   --password=string] [--key=string] principal...

		 changes the password of an existing principal

	   delete principal...

		 removes a principal

	   del_enctype principal enctypes...

		 removes some enctypes from a principal. This can be useful
		 the service belonging to the principal	is known to not	handle
		 certain enctypes

	   ext_keytab [-k string | --keytab=string] principal...

		 creates a keytab with the keys	of the specified principals

	   get [-l | --long] [-s | --short] [-t	| --terse] expression...

		 lists the principals that match the expressions (which	are
		 shell glob like), long	format gives more information, and
		 terse just prints the names

	   rename from to

		 renames a principal

	   modify [-a attributes | --attributes=attributes]
	   [--max-ticket-life=lifetime]	[--max-renewable-life=lifetime]
	   [--expiration-time=time] [--pw-expiration-time=time]
	   [--kvno=number] principal

		 modifies certain attributes of	a principal


		 lists the operations you are allowed to perform

     When running in local mode, the following commands	can also be used:

	   dump	[-d | --decrypt] [dump-file]

		 writes	the database in	"human readable" form to the specified
		 file, or standard out

	   init	[--realm-max-ticket-life=string]
	   [--realm-max-renewable-life=string] realm

		 initializes the Kerberos database with	entries	for a new
		 realm.	It's possible to have more than	one realm served by
		 one server

	   load	file

		 reads a previously dumped database, and re-creates that data-
		 base from scratch

	   merge file

		 similar to list but just modifies the database	with the en-
		 tries in the dump file

     kadmind(8), kdc(8)

HEIMDAL			      September	10, 2000		       HEIMDAL


Want to link to this manual page? Use this URL:

home | help